Introduction

For licensing purposes, according to me, the best and secure way is to generate a unique key for the client's machine and provide a corresponding license key for that key. For this purpose, you can take help of the unique id of the client's computer motherboard, BIOS and processor. When you get these IDs, you can generate any key of your preferable format.

Year ago, I found a very handy and useful code in C# by searching the Internet to get these IDs. And it's serving me perfectly so far. Thanks to the original author of the code.

I added some additional code to generate a 128 bit key of a machine. The output is a nice looking key in hexadecimal format (eg. 4876-8DB5-EE85-69D3-FE52-8CF7-395D-2EA9).

Suggestions

I have a few suggestions in this regard:

Generate a key from only the Motherboard, Processor and BIOS since the user normally doesn't change these parts.

Don't use MAC ID, Graphics Card ID AND Disk ID since it's very common to change these devices.

It takes significant time to get IDs of devices. So make the finger print generating function static and save it in a static variable so that it generates the key only once in the whole application.

The Code

Here is the class. The code in the region "Original Device ID Getting Code" is from the original author.

because it uses WMI. WMI just queries a database that is built probably when windows is installed. Since you ghost the machine, that database copied as well. Probably have to refresh that database some how.

Nice Article Sowkot, Thanks.
What will be the cause in case of motherboard changed?
In my case we just need to pass any unique Computer id to licensing software and then it creates computer Key bound to specific computer, then which is best to pass? MAC Id, Motherboard id or Processor Id?

Thanks for sharing the code in detailed explanation. Can someone please also share the code for getting the same hardware unique values in Linux/Unix and Mac Computers? I would appreciate your response.

Thanks for this , its work on localhost perfect but when web application run online server then
both value (from localhost and online) are different. because this code get values from online server.
we need values getting always from client Computer.

I used the information in this article to develop a solution for myself and added an additional metric of using the Trusted Platform Module's PCRs registers as well, if a TPM is available on the system.

So ? If you recommend us don't use MAC ID, Graphics Card ID AND Disk ID, But the process Id and BIOS not unique. Then....The only unique and not modify info is Board Id? No , because even some OEM board don't have unique id. So.....all not a good solution.

I used this excellent template for a licence manager on some embedded medical device software. Worked perfectly (to medical grade software testing) but I have a technician on-site overseas right now and it's failing for her.

The hardware fingerprint changes every time she plugs in her USB disk, so it appears the first disk returned from a Win32_DiskDrive query isn't always the system disk. The strange thing is I can't replicate it in our office on an identical machine/software environment/removable disk (all our medical systems are identical).

I'm just going to remove the disk component of the fingerprint in our next update, but if anyone knows what's happening, any advice will be appreciated.

Finally, dont use macadress, lot of users at this days use notebooks, and usually have a LAN PORT AND WIFI!!
If user use notebook and disable or deactivate or poweroff wifi, then you have a problem if user activate your software with wifi and then not is available, the macadress change to LAN.....!!

i use some text, bios id, motherboard id and processor id to generate unique machine key. I just want to be assured that by any chance after format, this unique key can change? (There is No change/replacement in hardware.) i also want to know whether any tools available which can change the ids i use?

Im asking this becuase one my client told me that he didnt change any hardware but still key is different

Hey, man. Thanks for the code. Solved my problem almost perfectly. But i would like do understand a little bit more about the GetHexString(byte[] bt) method. I dont need that big hexadecimal. I would like to delimitate the number of my string returned. How could i do that? (in my case, a string of 12 caracters). Thanks so much.
Diogo

I think that the security provided with this code generation is kind of obsolete because of the hardware dependency which proved to be a lot of inconvenience for the customer, so i believe in using a USB Dongle technology like UniKey or ilok, is more effective in today's grown software piracy, even if it costs extra money.

What if the client intentionally report the lost of USB Dongle (but he did not lost it) and request for replacement, so that he/she can has 2 USB Dongle which enable him/her to use the same software on two computers?

Hash string cannot be reverted. That is one way encryption. To crack it, you need a hash table something like this: https://crackstation.net/[^]

If you wish to reverse it, you can encrypt it. But if you can decrypt the string, other can decrypt it too. Its just a matter of time. But if you encrypt it complex enough (AES + TwoFish + TDES, etc), I'm sure that others will give up decrypting it, due the required time is too long.

It is the principal and intention of Hashing that they are irreversible. Of course there are ways to try every combination of input and see if the hashed values match, but you cannot guarantee that you have found the proper value. This also is by intention.

You can do a quick proof of this yourself by "counting" the possible values for an MD5 hash (it has 128 Bit) and the possibles values for a potentially very long input value. As you can have far more input values than MD5 hash values, you will definitely have collisions there.

If you want something reversible, you can use the same way of generating the identifiers and then use encryption instead of hashing to protect them reversible.

Be minded that using hashing also is a method to protect the users privacy, that is well intended here.

- video card is unreliable, as quite a few notebooks out there now use dual video, dynamically switching between them according to system's graphic power needs. Sometimes even remote access tool change this.

- BIOS data is unreliable - first a BIOS update might change things, second there are BIOS bugs. I've seen BIOS reporting textual or hex vendor id depending on whether there is an eSATA drive connected.

- network is unreliable. There are computers switching off the network card when there is no cable plugged in so that the MAC is not visible to the OS at all. Some do this only if it is running on battery.

I don't think there is a way to build reliable small rigid id. It might be possible to collect the data and allow for a limited number of changes.

Obfuscation only makes the codes in a format which is not easy to read our but not totally impossible to decode out. It totally depends upon the the value of the application that how much important it is.
If a person wants then he/she can decode the obfuscated code too.

Sorry to say i had to tried it already. and adding all the options in Reactor, makes some function of the program works weirdly, You can search it on net. .NET is good for in-house productions and not for global distribution.

The Native Image Generator (Ngen.exe) is a tool that improves the performance of managed applications. Ngen.exe creates native images, which are files containing compiled processor-specific machine code, and installs them into the native image cache on the local computer. The runtime can use native images from the cache instead of using the just-in-time (JIT) compiler to compile the original assembly.